lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Apr 2022 03:23:22 +0200 From: Lech Perczak <lech.perczak@...il.com> To: netdev@...r.kernel.org, linux-usb@...r.kernel.org Cc: Bjørn Mork <bjorn@...k.no>, Kristian Evensen <kristian.evensen@...il.com>, Oliver Neukum <oliver@...kum.org> Subject: Re: [PATCH v2 2/3] rndis_host: enable the bogus MAC fixup for ZTE devices from cdc_ether W dniu 2022-04-13 o 02:11, Lech Perczak pisze: > Certain ZTE modems, namely: MF823. MF831, MF910, built-in modem from > MF286R, expose both CDC-ECM and RNDIS network interfaces. > They have a trait of ignoring the locally-administered MAC address > configured on the interface both in CDC-ECM and RNDIS part, > and this leads to dropping of incoming traffic by the host. > However, the workaround was only present in CDC-ECM, and MF286R > explicitly requires it in RNDIS mode. > > Re-use the workaround in rndis_host as well, to fix operation of MF286R > module, some versions of which expose only the RNDIS interface. Do so by > introducing new flag, RNDIS_DRIVER_DATA_BOGUS_MAC, and testing for it in And I just noticed that I forgot to rename that flag here, as well as one unneded whitespace change creeped in. Will resend V3 shortly. > rndis_rx_fixup. This is required, as RNDIS uses frame batching, and all > of the packets inside the batch need the fixup. This might introduce a > performance penalty, because test is done for every returned Ethernet > frame. > > Apply the workaround to both "flavors" of RNDIS interfaces, as older ZTE > modems, like MF823 found in the wild, report the USB_CLASS_COMM class > interfaces, while MF286R reports USB_CLASS_WIRELESS_CONTROLLER. > > Suggested-by: Bjørn Mork <bjorn@...k.no> > Cc: Kristian Evensen <kristian.evensen@...il.com> > Cc: Oliver Neukum <oliver@...kum.org> > Signed-off-by: Lech Perczak <lech.perczak@...il.com> > --- > v2: > - Ensured that MAC fixup is applied to all Ethernet frames inside an > RNDIS batch. Thanks to Bjørn for finding the issue. > - Introduced new driver flag to facilitate the above. > > drivers/net/usb/rndis_host.c | 33 ++++++++++++++++++++++++++++++++- > include/linux/usb/rndis_host.h | 1 + > 2 files changed, 33 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/usb/rndis_host.c b/drivers/net/usb/rndis_host.c > index 247f58cb0f84..18b27a4ed8bd 100644 > --- a/drivers/net/usb/rndis_host.c > +++ b/drivers/net/usb/rndis_host.c > @@ -485,10 +485,14 @@ EXPORT_SYMBOL_GPL(rndis_unbind); > */ > int rndis_rx_fixup(struct usbnet *dev, struct sk_buff *skb) > { > + bool dst_mac_fixup; > + > /* This check is no longer done by usbnet */ > if (skb->len < dev->net->hard_header_len) > return 0; > > + dst_mac_fixup = !!(dev->driver_info->data & RNDIS_DRIVER_DATA_DST_MAC_FIXUP); > + > /* peripheral may have batched packets to us... */ > while (likely(skb->len)) { > struct rndis_data_hdr *hdr = (void *)skb->data; > @@ -523,10 +527,17 @@ int rndis_rx_fixup(struct usbnet *dev, struct sk_buff *skb) > break; > skb_pull(skb, msg_len - sizeof *hdr); > skb_trim(skb2, data_len); > + > + if (unlikely(dst_mac_fixup)) > + usbnet_cdc_zte_rx_fixup(dev, skb2); > + > usbnet_skb_return(dev, skb2); > } > > /* caller will usbnet_skb_return the remaining packet */ > + if (unlikely(dst_mac_fixup)) > + usbnet_cdc_zte_rx_fixup(dev, skb); > + > return 1; > } > EXPORT_SYMBOL_GPL(rndis_rx_fixup); > @@ -578,7 +589,6 @@ rndis_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags) > } > EXPORT_SYMBOL_GPL(rndis_tx_fixup); > > - > static const struct driver_info rndis_info = { > .description = "RNDIS device", > .flags = FLAG_ETHER | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT, > @@ -600,6 +610,17 @@ static const struct driver_info rndis_poll_status_info = { > .tx_fixup = rndis_tx_fixup, > }; > > +static const struct driver_info zte_rndis_info = { > + .description = "ZTE RNDIS device", > + .flags = FLAG_ETHER | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT, > + .data = RNDIS_DRIVER_DATA_DST_MAC_FIXUP, > + .bind = rndis_bind, > + .unbind = rndis_unbind, > + .status = rndis_status, > + .rx_fixup = rndis_rx_fixup, > + .tx_fixup = rndis_tx_fixup, > +}; > + > /*-------------------------------------------------------------------------*/ > > static const struct usb_device_id products [] = { > @@ -613,6 +634,16 @@ static const struct usb_device_id products [] = { > USB_VENDOR_AND_INTERFACE_INFO(0x238b, > USB_CLASS_COMM, 2 /* ACM */, 0x0ff), > .driver_info = (unsigned long)&rndis_info, > +}, { > + /* ZTE WWAN modules */ > + USB_VENDOR_AND_INTERFACE_INFO(0x19d2, > + USB_CLASS_WIRELESS_CONTROLLER, 1, 3), > + .driver_info = (unsigned long)&zte_rndis_info, > +}, { > + /* ZTE WWAN modules, ACM flavour */ > + USB_VENDOR_AND_INTERFACE_INFO(0x19d2, > + USB_CLASS_COMM, 2 /* ACM */, 0x0ff), > + .driver_info = (unsigned long)&zte_rndis_info, > }, { > /* RNDIS is MSFT's un-official variant of CDC ACM */ > USB_INTERFACE_INFO(USB_CLASS_COMM, 2 /* ACM */, 0x0ff), > diff --git a/include/linux/usb/rndis_host.h b/include/linux/usb/rndis_host.h > index 809bccd08455..cc42db51bbba 100644 > --- a/include/linux/usb/rndis_host.h > +++ b/include/linux/usb/rndis_host.h > @@ -197,6 +197,7 @@ struct rndis_keepalive_c { /* IN (optionally OUT) */ > > /* Flags for driver_info::data */ > #define RNDIS_DRIVER_DATA_POLL_STATUS 1 /* poll status before control */ > +#define RNDIS_DRIVER_DATA_DST_MAC_FIXUP 2 /* device ignores configured MAC address */ > > extern void rndis_status(struct usbnet *dev, struct urb *urb); > extern int -- Pozdrawiam/Kind regards, Lech Perczak
Powered by blists - more mailing lists